CVE-2025-26381 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Common Weakness Enumeration

CWE-425 - Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References

https://https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-03

https://tyco.widen.net/view/pdf/xmejieec4b/JCI-PSA-2025-05.pdf?t.download=true&u=aiurfs